Win32 s'est installé dans mon ordi
Résolu/Fermé
maninie
-
23 nov. 2007 à 09:40
g!rly Messages postés 18206 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 25 janv. 2008 à 16:19
g!rly Messages postés 18206 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 25 janv. 2008 à 16:19
A voir également:
- Win32 s'est installé dans mon ordi
- Mon ordi rame que faire - Guide
- Ordi ecran noir - Guide
- Snap ordi - Télécharger - Messagerie
- Ecran ordi a l'envers - Guide
- Hacktool win32 autokms ✓ - Forum Virus / Sécurité
123 réponses
Et maintenant je n'arrive plus à ouvrir mes mails pour avoir tes réponses... Tout va bien, je reste zen ;-)
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 12:49
23 nov. 2007 à 12:49
peux tu refaire combofix stp et post le rapport ici stp
Bonjour,
Bon, j'ai redémmaré l'ordi, et ça a l'air de mieux aller pour ma boite mail.
Alors, je fais quoi?
Bon, j'ai redémmaré l'ordi, et ça a l'air de mieux aller pour ma boite mail.
Alors, je fais quoi?
Bonjour,
voilà le rapport coComboFix 07-11-19.3 - Xavier et Magali 2007-11-23 12:53:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.479 [GMT 1:00]
Running from: C:\DOCUME~1\XAVIER~1\Bureau\combofix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 09:58 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-22 18:09 19,856 --a------ C:\WINDOWS\system32\foubwzf.exe
2007-11-22 17:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-22 15:41 19,856 --a------ C:\WINDOWS\system32\daqf.exe
2007-11-22 14:04 19,856 --a------ C:\WINDOWS\system32\iuafiinm.exe
2007-11-22 11:45 19,856 --a------ C:\WINDOWS\system32\oxdmmkg.exe
2007-11-21 13:07 <REP> d-------- C:\Program Files\Panda Security
2007-11-20 23:37 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-20 23:02 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-11-20 23:02 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-11-20 19:17 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
2007-11-20 19:17 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-11-16 20:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 20:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-16 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-27 11:16 <REP> d-------- C:\Program Files\Dofus
2007-10-26 21:19 <REP> d-------- C:\WINDOWS\cache-cache
2007-10-26 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 11:44 --------- d-----w C:\Program Files\Wanadoo
2007-11-22 10:37 19,856 ----a-w C:\WINDOWS\system32\zmqr.exe
2007-11-22 09:02 19,856 ----a-w C:\WINDOWS\system32\vltytj.exe
2007-11-22 07:57 1,152 ----a-w C:\Documents and Settings\Xavier et Magali\Application Data\wklnhst.dat
2007-11-22 07:12 19,856 ----a-w C:\WINDOWS\system32\tdualgti.exe
2007-11-20 22:37 --------- d-----w C:\Program Files\Java
2007-11-08 07:53 --------- d-----w C:\Program Files\eMule
2007-11-01 17:32 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\LimeWire
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 15:06 --------- d-----w C:\Program Files\LimeWire
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Favorites
2007-10-14 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-13 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 13:24 --------- d-----w C:\Program Files\Orange
2007-10-13 13:24 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\Voxmobili
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 20:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-26 20:48 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 21:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 09:36]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-15 19:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 22:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-10-13 14:24:26]
R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 19:40:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 11:50:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 12:55:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???@X??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 12:55:49
C:\ComboFix2.txt ... 2007-11-23 10:34
.
--- E O F ---
mbofix
voilà le rapport coComboFix 07-11-19.3 - Xavier et Magali 2007-11-23 12:53:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.479 [GMT 1:00]
Running from: C:\DOCUME~1\XAVIER~1\Bureau\combofix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 09:58 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-22 18:09 19,856 --a------ C:\WINDOWS\system32\foubwzf.exe
2007-11-22 17:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-22 15:41 19,856 --a------ C:\WINDOWS\system32\daqf.exe
2007-11-22 14:04 19,856 --a------ C:\WINDOWS\system32\iuafiinm.exe
2007-11-22 11:45 19,856 --a------ C:\WINDOWS\system32\oxdmmkg.exe
2007-11-21 13:07 <REP> d-------- C:\Program Files\Panda Security
2007-11-20 23:37 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-20 23:02 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-11-20 23:02 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-11-20 19:17 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
2007-11-20 19:17 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-11-16 20:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 20:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-16 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-27 11:16 <REP> d-------- C:\Program Files\Dofus
2007-10-26 21:19 <REP> d-------- C:\WINDOWS\cache-cache
2007-10-26 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 11:44 --------- d-----w C:\Program Files\Wanadoo
2007-11-22 10:37 19,856 ----a-w C:\WINDOWS\system32\zmqr.exe
2007-11-22 09:02 19,856 ----a-w C:\WINDOWS\system32\vltytj.exe
2007-11-22 07:57 1,152 ----a-w C:\Documents and Settings\Xavier et Magali\Application Data\wklnhst.dat
2007-11-22 07:12 19,856 ----a-w C:\WINDOWS\system32\tdualgti.exe
2007-11-20 22:37 --------- d-----w C:\Program Files\Java
2007-11-08 07:53 --------- d-----w C:\Program Files\eMule
2007-11-01 17:32 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\LimeWire
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 15:06 --------- d-----w C:\Program Files\LimeWire
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Favorites
2007-10-14 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-13 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 13:24 --------- d-----w C:\Program Files\Orange
2007-10-13 13:24 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\Voxmobili
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 20:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-26 20:48 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 21:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 09:36]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-15 19:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 22:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-10-13 14:24:26]
R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 19:40:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 11:50:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 12:55:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???@X??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 12:55:49
C:\ComboFix2.txt ... 2007-11-23 10:34
.
--- E O F ---
mbofix
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 12:57
23 nov. 2007 à 12:57
ok
peux tu refaire combofix stp et post le rapport ici stp
peux tu refaire combofix stp et post le rapport ici stp
Bonjour,
ComboFix 07-11-19.3 - Xavier et Magali 2007-11-23 13:02:26.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.471 [GMT 1:00]
Running from: C:\Documents and Settings\Xavier et Magali\Bureau\combofix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 09:58 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-22 18:09 19,856 --a------ C:\WINDOWS\system32\foubwzf.exe
2007-11-22 17:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-22 15:41 19,856 --a------ C:\WINDOWS\system32\daqf.exe
2007-11-22 14:04 19,856 --a------ C:\WINDOWS\system32\iuafiinm.exe
2007-11-22 11:45 19,856 --a------ C:\WINDOWS\system32\oxdmmkg.exe
2007-11-21 13:07 <REP> d-------- C:\Program Files\Panda Security
2007-11-20 23:37 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-20 23:02 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-11-20 23:02 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-11-20 19:17 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
2007-11-20 19:17 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-11-16 20:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 20:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-16 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-27 11:16 <REP> d-------- C:\Program Files\Dofus
2007-10-26 21:19 <REP> d-------- C:\WINDOWS\cache-cache
2007-10-26 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 11:44 --------- d-----w C:\Program Files\Wanadoo
2007-11-22 10:37 19,856 ----a-w C:\WINDOWS\system32\zmqr.exe
2007-11-22 09:02 19,856 ----a-w C:\WINDOWS\system32\vltytj.exe
2007-11-22 07:57 1,152 ----a-w C:\Documents and Settings\Xavier et Magali\Application Data\wklnhst.dat
2007-11-22 07:12 19,856 ----a-w C:\WINDOWS\system32\tdualgti.exe
2007-11-20 22:37 --------- d-----w C:\Program Files\Java
2007-11-08 07:53 --------- d-----w C:\Program Files\eMule
2007-11-01 17:32 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\LimeWire
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 15:06 --------- d-----w C:\Program Files\LimeWire
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Favorites
2007-10-14 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-13 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 13:24 --------- d-----w C:\Program Files\Orange
2007-10-13 13:24 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\Voxmobili
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 20:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-26 20:48 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 21:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 09:36]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-15 19:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 22:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-10-13 14:24:26]
R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 19:40:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 11:50:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 13:03:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???@X??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 13:03:24
C:\ComboFix2.txt ... 2007-11-23 12:55
C:\ComboFix3.txt ... 2007-11-23 10:34
.
--- E O F ---
ComboFix 07-11-19.3 - Xavier et Magali 2007-11-23 13:02:26.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.471 [GMT 1:00]
Running from: C:\Documents and Settings\Xavier et Magali\Bureau\combofix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 09:58 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-22 18:09 19,856 --a------ C:\WINDOWS\system32\foubwzf.exe
2007-11-22 17:58 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-22 15:41 19,856 --a------ C:\WINDOWS\system32\daqf.exe
2007-11-22 14:04 19,856 --a------ C:\WINDOWS\system32\iuafiinm.exe
2007-11-22 11:45 19,856 --a------ C:\WINDOWS\system32\oxdmmkg.exe
2007-11-21 13:07 <REP> d-------- C:\Program Files\Panda Security
2007-11-20 23:37 5,532 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-20 23:02 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2007-11-20 23:02 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2007-11-20 19:17 <REP> d-------- C:\Program Files\Fichiers communs\SansenDommagement
2007-11-20 19:17 <REP> dr------- C:\Documents and Settings\All Users\Application Data\sansendommagement
2007-11-16 20:42 <REP> d-------- C:\Program Files\QuickTime
2007-11-16 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 20:40 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-16 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-27 11:16 <REP> d-------- C:\Program Files\Dofus
2007-10-26 21:19 <REP> d-------- C:\WINDOWS\cache-cache
2007-10-26 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 11:44 --------- d-----w C:\Program Files\Wanadoo
2007-11-22 10:37 19,856 ----a-w C:\WINDOWS\system32\zmqr.exe
2007-11-22 09:02 19,856 ----a-w C:\WINDOWS\system32\vltytj.exe
2007-11-22 07:57 1,152 ----a-w C:\Documents and Settings\Xavier et Magali\Application Data\wklnhst.dat
2007-11-22 07:12 19,856 ----a-w C:\WINDOWS\system32\tdualgti.exe
2007-11-20 22:37 --------- d-----w C:\Program Files\Java
2007-11-08 07:53 --------- d-----w C:\Program Files\eMule
2007-11-01 17:32 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\LimeWire
2007-10-25 16:56 8,510,976 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 15:06 --------- d-----w C:\Program Files\LimeWire
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-14 21:01 --------- d-----w C:\Program Files\Windows Live Favorites
2007-10-14 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-13 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 13:24 --------- d-----w C:\Program Files\Orange
2007-10-13 13:24 --------- d-----w C:\Documents and Settings\Xavier et Magali\Application Data\Voxmobili
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 20:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 22:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-26 20:48 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 21:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 13:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 09:36]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-15 19:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 22:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Logiciel de Synchronisation Orange.lnk - C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-10-13 14:24:26]
R2 OPTENET_FILTER;Control Parental;C:\Program Files\Controle Parental\bin\optproxy.exe
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 19:40:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 11:50:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 13:03:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???@X??????R?@?????,?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 13:03:24
C:\ComboFix2.txt ... 2007-11-23 12:55
C:\ComboFix3.txt ... 2007-11-23 10:34
.
--- E O F ---
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 13:06
23 nov. 2007 à 13:06
ok repost un rapport hijack this stp
Bonjour,
Logfile of HijackThis v1.99.1
Scan saved at 13:07:26, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fbae2899cd74139adc51ae5d7607613
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fbae2899cd74139adc51ae5d7607613
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E050E5-689B-42B2-954E-B8EE612573D5}: NameServer = 81.253.149.9 80.10.246.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
Logfile of HijackThis v1.99.1
Scan saved at 13:07:26, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fbae2899cd74139adc51ae5d7607613
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fbae2899cd74139adc51ae5d7607613
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5E050E5-689B-42B2-954E-B8EE612573D5}: NameServer = 81.253.149.9 80.10.246.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 13:25
23 nov. 2007 à 13:25
ok
a l´aide de hijack this coche ceci :
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
fix la ligne :
tuto :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
clcik sur demarrer demarrer / executer tape sc stop FTRTSVC puis valide par ok (avec les espace tu peux meme faire un copié collé de la ligne
demarrer/ executer tape sc delete FTRTSVC puis valide par ok"
tu n´as pas de par feu!!!
instales en un pour ne plus avoir ce genre de probleme :
par feu : kerio 4.2
https://forums.cnetfrance.fr
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
puis regarde ceci :
Antivir vs Avast :
->http://forum.malekal.com/ftopic3528.php
alors pour une meilleure protection, desinstal avast et instal antivir :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
http://mickael.barroux.free.fr/securite/antivir.php
ta version de internet explorer n´est pas a jour, 6.0 > tu veux la version 7.0
alors fais les mises a jour windows sur le site de microsoft up dates
puis meme avec la version 7.0 il serait judicieux de surfer avec firefox ( plus sur ) tout en gardant internet explorer pour les mises a jour windows...
http://www.firefox.fr/
puis pour verifier que tout est renré dans l´ordre :
A.V.G :
-> Télécharger AVG Anti-Spyware (ewido)
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
-> L´installer.
-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
p.s : si les mises a jours ne se font pas, elles sont telechargable ici :
http://downloads.ewido.net/avgas-signatures-full-current.exe
-> Sur la page "analyse":
choisir d´abord l'onglet "paramètres".
sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».
-> Lancer le scan, (c´est long...).
-> A la fin du scan copier Et coller le rapport ici.
-> Une aide en image au cas ou :
Tutoriel d´installation et de parametrages :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
post le rapport d´analyse d´avg
@+
a l´aide de hijack this coche ceci :
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
fix la ligne :
tuto :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
clcik sur demarrer demarrer / executer tape sc stop FTRTSVC puis valide par ok (avec les espace tu peux meme faire un copié collé de la ligne
demarrer/ executer tape sc delete FTRTSVC puis valide par ok"
tu n´as pas de par feu!!!
instales en un pour ne plus avoir ce genre de probleme :
par feu : kerio 4.2
https://forums.cnetfrance.fr
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
ou zone alarm plus facil a configurer mais moins performant
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
puis regarde ceci :
Antivir vs Avast :
->http://forum.malekal.com/ftopic3528.php
alors pour une meilleure protection, desinstal avast et instal antivir :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
http://mickael.barroux.free.fr/securite/antivir.php
ta version de internet explorer n´est pas a jour, 6.0 > tu veux la version 7.0
alors fais les mises a jour windows sur le site de microsoft up dates
puis meme avec la version 7.0 il serait judicieux de surfer avec firefox ( plus sur ) tout en gardant internet explorer pour les mises a jour windows...
http://www.firefox.fr/
puis pour verifier que tout est renré dans l´ordre :
A.V.G :
-> Télécharger AVG Anti-Spyware (ewido)
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
-> L´installer.
-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
p.s : si les mises a jours ne se font pas, elles sont telechargable ici :
http://downloads.ewido.net/avgas-signatures-full-current.exe
-> Sur la page "analyse":
choisir d´abord l'onglet "paramètres".
sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».
-> Lancer le scan, (c´est long...).
-> A la fin du scan copier Et coller le rapport ici.
-> Une aide en image au cas ou :
Tutoriel d´installation et de parametrages :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
post le rapport d´analyse d´avg
@+
Bonjour,
J'en suis là:
clcik sur demarrer demarrer / executer tape sc stop FTRTSVC puis valide par ok (avec les espace tu peux meme faire un copié collé de la ligne
demarrer/ executer tape sc delete FTRTSVC puis valide par ok"
mais je ne sais pas sur quel "démarrer" je dois cliquer??? celui en bas à gauche de mon écran ou bien dans hijack this?
J'en suis là:
clcik sur demarrer demarrer / executer tape sc stop FTRTSVC puis valide par ok (avec les espace tu peux meme faire un copié collé de la ligne
demarrer/ executer tape sc delete FTRTSVC puis valide par ok"
mais je ne sais pas sur quel "démarrer" je dois cliquer??? celui en bas à gauche de mon écran ou bien dans hijack this?
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 13:38
23 nov. 2007 à 13:38
oui celui dans ta barre des taches celui en bas à gauche
Bon, ça va c'est ce que j'ai fait.
A priori, tu me conseilles aussi de changer d'antivirus. Est-ce que je supprime avast d'abord, ou bien je télécharge l'autre et je supprime avast ensuite?
A priori, tu me conseilles aussi de changer d'antivirus. Est-ce que je supprime avast d'abord, ou bien je télécharge l'autre et je supprime avast ensuite?
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 13:46
23 nov. 2007 à 13:46
je vais m´absenter pour un moment,
telecharge antivir sur ton bureau >, coupe toi du net desinstale avast et commence l´instal d´antivir et au moment de faire la mise a jour connecte toi a nouveau
telecharge antivir sur ton bureau >, coupe toi du net desinstale avast et commence l´instal d´antivir et au moment de faire la mise a jour connecte toi a nouveau
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 14:33
23 nov. 2007 à 14:33
je suis de retour, tous ce passe comme tu veux?
J'ai installé antivir, et fait un scan. Le voici:
AntiVir PersonalEdition Classic
Report file date: vendredi 23 novembre 2007 14:57
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC180812781824
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 23 novembre 2007 14:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'optproxy.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'SyncManager.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'Voxsync.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47b4e0d2.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP181\A0052265.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4776e34a.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP183\A0070403.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '4776e356.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP183\A0070404.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4776e359.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP184\A0070426.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4776e35e.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP184\A0070429.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4776e360.qua'!
C:\WINDOWS\system32\daqf.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47b7e4b9.qua'!
C:\WINDOWS\system32\foubwzf.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bbe4ce.qua'!
C:\WINDOWS\system32\iuafiinm.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47a7e4da.qua'!
C:\WINDOWS\system32\oxdmmkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47aae4ec.qua'!
C:\WINDOWS\system32\tdualgti.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bbe4e3.qua'!
C:\WINDOWS\system32\vltytj.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bae4ef.qua'!
C:\WINDOWS\system32\zmqr.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47b7e4f9.qua'!
Begin scan in 'D:\' <PRESARIO_RP>
End of the scan: vendredi 23 novembre 2007 15:33
Used time: 36:12 min
The scan has been done completely.
5765 Scanning directories
301194 Files were scanned
12 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
301182 Files not concerned
8380 Archives were scanned
2 Warnings
10 Notes
A mon tour de m'absenter. Je n'ai pas réussi à installer le firewall (en anglais, et payant à priori)
Comment je fais maintenant (enfin, à mon retour plutôt?)
AntiVir PersonalEdition Classic
Report file date: vendredi 23 novembre 2007 14:57
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC180812781824
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 23 novembre 2007 14:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'optproxy.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'SyncManager.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'Voxsync.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47b4e0d2.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP181\A0052265.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4776e34a.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP183\A0070403.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '4776e356.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP183\A0070404.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4776e359.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP184\A0070426.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4776e35e.qua'!
C:\System Volume Information\_restore{7B611537-58DE-4087-B3A2-96B0BFF92CB3}\RP184\A0070429.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4776e360.qua'!
C:\WINDOWS\system32\daqf.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47b7e4b9.qua'!
C:\WINDOWS\system32\foubwzf.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bbe4ce.qua'!
C:\WINDOWS\system32\iuafiinm.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47a7e4da.qua'!
C:\WINDOWS\system32\oxdmmkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47aae4ec.qua'!
C:\WINDOWS\system32\tdualgti.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bbe4e3.qua'!
C:\WINDOWS\system32\vltytj.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47bae4ef.qua'!
C:\WINDOWS\system32\zmqr.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPI.Gen
[INFO] The file was moved to '47b7e4f9.qua'!
Begin scan in 'D:\' <PRESARIO_RP>
End of the scan: vendredi 23 novembre 2007 15:33
Used time: 36:12 min
The scan has been done completely.
5765 Scanning directories
301194 Files were scanned
12 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
301182 Files not concerned
8380 Archives were scanned
2 Warnings
10 Notes
A mon tour de m'absenter. Je n'ai pas réussi à installer le firewall (en anglais, et payant à priori)
Comment je fais maintenant (enfin, à mon retour plutôt?)
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 15:51
23 nov. 2007 à 15:51
salut a ton retour,
vide la quarantaine d´antivir
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
instale kerio, il est en anglais mais avec les tutos tu devrais t en sortir, il est gratuit seulement apres les 30 jour certaines fonctions pas les plus essentielles seront desctivées
puis
passe ceci et post le rapport stp
Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
vide la quarantaine d´antivir
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
instale kerio, il est en anglais mais avec les tutos tu devrais t en sortir, il est gratuit seulement apres les 30 jour certaines fonctions pas les plus essentielles seront desctivées
puis
passe ceci et post le rapport stp
Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
g!rly
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
407
23 nov. 2007 à 16:34
23 nov. 2007 à 16:34
ok